8
High Impact Malware
Care Delivery, Supply Chain, Privacy
• EternalBlue exploit (NSA leak)
• WannaCry (May 2017):
• faulty Ransomware, ~$4-$8B global impact
• Petya (June 2017):
• cloaked Ransomware (Wiper), ~$10B impact
• WannaCry - care delivery impact:
• 81 of 236 hospital trusts; 595 of 7545 GP’s
• 1000+ systems, 19,000 appts., ~£92M loss
• Root Cause: Underinvestment, patching
• Leading to £21M security investment
• WannaCry still active!
• Petya – healthcare supply chain
• Global pharma company - ~$310M loss,
global drug and vaccine availability
• Transcription service provider - ~$68M loss,
impacted hosted transcription service
WannaCry, Petya
• Largest national HC provider, SE Asia
• July 2018 attack
• 1.5M records, incl. Prime Minister
• Post mortem report:
• Breach identified, but no action taken
• Missing Risk Assessment
• Lack of training, awareness, and concern
• Lack of vulnerability scans and pen testing
• Missing patch, poor password policies
• 16 recommendations (7 critical):
• Enhance security structure
• Review and assess cyber security stack
• Improved staff awareness - prevent, detect,
and respond to security incidents
• Enhanced security checks
• Tighten privileged admin account controls
• Improve incident response processes
• Private/public partnerships around security
Trojan.Nibatad